CVE-2008-2927

Severity

68%

Complexity

86%

Confidentiality

106%

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 16 years ago

2008-07-07 23:41:00

Last updated 6 years ago

2018-10-11 20:44:00

Affected Software

Pidgin 2.0.0

2.0.0

Pidgin 2.0.1

2.0.1

Pidgin 2.0.2

2.0.2

Pidgin 2.1.0

2.1.0

Pidgin 2.1.1

2.1.1

Pidgin 2.2.0

2.2.0

Pidgin 2.2.1

2.2.1

Pidgin 2.2.2

2.2.2

Pidgin 2.3.0

2.3.0

Pidgin 2.3.1

2.3.1

Pidgin 2.4.0

2.4.0

Pidgin 2.4.1

2.4.1

Pidgin

References

http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c

http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c

30971

Vendor Advisory

31016

Vendor Advisory

31105

Vendor Advisory

31387

Vendor Advisory

31642

Vendor Advisory

32859

32861

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246

DSA-1610

MDVSA-2008:143

MDVSA-2009:127

[oss-security] 20080704 Re: Re: CVE Request (pidgin)

[oss-security] 20080703 Re: Re: CVE Request (pidgin)

http://www.pidgin.im/news/security/?id=25

RHSA-2008:0584

20080625 Pidgin 2.4.1 Vulnerability

20080806 rPSA-2008-0246-1 gaim

20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

29956

1020451

USN-675-1

USN-675-2

ADV-2008-2032

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-08-054

https://bugzilla.redhat.com/show_bug.cgi?id=453764

adium-msnprotocol-code-execution(44774)

https://issues.rpath.com/browse/RPL-2647

oval:org.mitre.oval:def:11695

oval:org.mitre.oval:def:17972

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.